ITSI Indexes
Note:
- All ITSI indexes are listed in $SPLUNK_HOME/etc/apps/SA-IndexCreation/default/indexes.conf
Indexes & Description
- itsi_summary: An event index that stores the results of scheduled KPI searches.
- itsi_summary_metrics: A metrics index that stores the results of scheduled KPI searches.
- anomaly_detection: Supports trending and cohesive anomaly detection in ITSI.
- itsi_tracked_alerts: Stores active raw notable event data.
- itsi_notable_audit: Stores all audit events for episodes, including actions, comments, status, change, and owner change.
- itsi_notable_archive: Stores episode metadata, after retention
- itsi_grouped_alerts: Stores active episode data.
- snmptrapd: Stores events coming in from SNMP traps.
- itsi_import_objects: Stores events indexed from a manual entity or service import from a CSV file.
- itsi_im_meta: Optional index that stores Kubernetes metadata.
- itsi_im_metrics: Stores entity data for entity discovery in ITSI.